New techniques are disclosed for protecting a token seed in a multifactor authentication system. A personal identification number is used to derive a fixed share, and the token seed is split, using a secret sharing technique, into a set of three shares made up of the fixed share, a remote share, and a local share, such that the token seed can only be reconstructed using any two of the three shares. The remote share is stored on a remote authentication server, and an encrypted version of the local share is stored on the user device. The remote share may be encrypted by performing a key wrapping operation on the remote share using the local share, and then storing the encrypted version of the remote share on the remote authentication server. The token seed, fixed share, remote share and local share may then be deleted from the user device.
Legal claims defining the scope of protection, as filed with the USPTO.
Claim text for this patent isn't available yet.
Cooperative Patent Classification codes for this invention. Click any code to explore related patents in that topic.
June 13, 2016
May 14, 2019
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.